CLAIMS

What is claimed is:

1. A method facilitating deployment of volume-based network policies across a
computer network, the method comprising the steps of:

monitoring the volume of network traffic generated by a plurality of users;

detecting a network utilization milestone relative to at least one of the users; and

affecting a characteristic associated with the network access provided to the
user(s) identified in the detecting step.

2. The method of claim 1 wherein the affecting step comprises the step of: 

affecting a performance characteristic of the network access provided to the 
user(s) identified in the detecting step. 

3. The method of claim 1 wherein the affecting step comprises the step of: 

degrading the network access provided to the user(s) identified in the 
detecting step. 

4. The method of claim 1 wherein the affecting step comprises the step of:

denying further network access to the user(s) identified in the detecting step. 

5. The method of claim 1 wherein the affecting step comprises the step of: 

charging the user(s) identified in the detecting step for further network access. 

6. The method of claim 1 further comprising the step of 

notifying a user when the volume of traffic associated with the user approaches 
a network utilization milestone. 

7. The method of claim 1 wherein the detecting step comprises

comparing the volume of traffic associated with a user over a given time
interval against a threshold level defining a network utilization milestone.

8. The method of claim 3 wherein network access is degraded only with respect to a
predefined set of traffic types.

9. The method of claim 4 wherein network access is denied only with respect to a 
predefined set of traffic types. 

10. The method of claim 1 wherein the monitoring step is performed only with
respect to a predefined set of traffic types. 

11. A method facilitating deployment of volume-based network policies across a
computer network, the method comprising the steps of

monitoring the volume of network traffic generated by a plurality of users
within a given time interval;

detecting, during the time interval, a network utilization milestone relative to
at least one of the users; and,

affecting, for the remainder of the time interval, a characteristic associated
with the network access provided to the user(s) identified in the detecting step.

12. The method of claim 11 wherein the affecting step comprises the step of: 

affecting a performance characteristic of the network access provided to the 
user(s) identified in the detecting step. 

13. The method of claim 11 wherein the affecting step comprises the step of:

degrading the network access provided to the user(s) identified in the 
detecting step. 

14. The method of claim 11 wherein the affecting step comprises the step of:

denying further network access to the user(s) identified in the detecting step.

15. The method of claim 11 wherein the affecting step comprises the step of:

charging the user(s) identified in the detecting step for further network access. 

16. The method of claim 11 further comprising the step of

notifying a user when the volume of traffic associated with the user approaches 
a network utilization milestone. 

17. The method of claim 11 wherein the detecting step comprises 

comparing the volume of traffic associated with a user over a given time
interval against a threshold level defining a network utilization milestone. 

18. The method of claim 17 wherein the time interval is a fixed time interval. 

19. The method of claim 17 wherein the time interval is a sliding time interval.

20. The method of claim 13 wherein network access is degraded only with respect to 
a predefined set of traffic types. 

21. The method of claim 14 wherein network access is denied only with respect to a
predefined set of traffic types. 

22. The method of claim 1 wherein the monitoring step is performed only with 
respect to a predefined set of traffic types. 

23. A method facilitating deployment of volume-based network policies across a 
computer network, the method comprising the steps of 

registering a user at a network access device connected to a first computer 
network, the network access device including an IP address; 

associating the IP address with the user;



6533/53662 



providing the user access to a second computer network by changing the 
configuration of a network device in a communication path between the first 
computer network and the second computer network; 

monitoring the volume of network traffic associated with the IP address; 

detecting a network utilization milestone based on the volume of network
traffic associated with the IP address; 

changing the configuration of the network device to affect a characteristic 
associated with access to the second network provided to the user. 

24. An apparatus facilitating the deployment of volume-based network policies across
a first computer network, the first computer network comprising at least one traffic 
monitoring device operative to monitor the volume of network traffic generated by 
individual users, and at least one network control device operative to control access 
to a second computer network, comprising 

a user account database maintaining the respective volumes of network traffic
generated by a plurality of users; 

a data logging module operative to collect network utilization data from the 
traffic monitoring device and store the network utilization data in the user account 
database; 

a network usage monitor operative to:

scan the user account database to detect a network utilization milestone 
reached by a user based on the volume of network traffic associated with the user, 
and 

modify the configuration of the network control device to affect a 
characteristic of access to the second computer network for the user.

25. The apparatus of claim 24 further comprising a user interface module operative 
to register new users and create corresponding user accounts in the user account 
database. 

26. The apparatus of claim 25 wherein the apparatus, in response to registration of a
new user, is operative to modify the configuration of the network control device to 
allow access to the second computer network for the new user. 

27. A system facilitating the deployment of volume-based network policies across a
first computer network, comprising 

a bandwidth management device operably connected to a communication path 
between the first computer network and a second computer network, 
wherein the bandwidth management device is operative to: 

monitor the volume of network traffic generated by individual hosts on
the first computer network, and

enforce bandwidth utilization controls associated with individual hosts
on data flows generated by the respective individual hosts;

a user management server operative to:

detect a network utilization milestone based on the volume of network
traffic associated with an individual host; and,

in response to a network utilization milestone, change the configuration 
of the bandwidth management device to associate bandwidth utilization controls 
corresponding to the milestone with the individual host. 

28. The system of claim 27 wherein the bandwidth management device is operative
to redirect data flows generated by unknown hosts on the first computer network to
the user management server; and wherein the user management server is operative to
register unknown hosts and change the configuration of the bandwidth management
device to associate the host with bandwidth utilization controls operative to permit
access to the second network.

29. The system of claim 27 wherein the bandwidth utilization controls associated 
with the milestone are operative to deny access to the second computer network. 

30. The system of claim 27 wherein the bandwidth utilization controls associated 
with the milestone are operative to degrade access to the second computer network. 

31. The system of claim 27 wherein the bandwidth management device is further
operative to identify network traffic types associated with data flows traversing the
device; and wherein the user management server is operative to configure bandwidth
utilization controls applicable to traffic types identified by the bandwidth
management device.

32. The system of claim 27 wherein the bandwidth management device and the user
management server reside on the same device. 
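
As an added illustration of the detecting step of claims 17 to 19 and the per-IP accounting of claim 23 (not part of the claims or of the applicant's implementation), the Python example below accounts traffic volume per IP address over a fixed or a sliding time interval and maps usage to notify, degrade or deny actions. The class name, the milestone fractions and the sample values are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed policy: milestones as (fraction of quota, action), highest first.
MILESTONES = [(1.0, "deny"), (0.8, "degrade"), (0.6, "notify")]

class UsageMonitor:
    """Hypothetical per-IP volume accounting over a fixed or sliding interval."""

    def __init__(self, quota_bytes, interval_s, sliding=True):
        self.quota = quota_bytes
        self.interval = interval_s
        self.sliding = sliding
        self.samples = defaultdict(deque)   # ip -> deque of (timestamp, bytes)
        self.totals = defaultdict(int)      # ip -> bytes counted in the interval
        self.bucket = {}                    # ip -> index of last fixed interval

    def _expire(self, ip, now):
        if self.sliding:
            # Sliding interval: drop samples older than the trailing window.
            q = self.samples[ip]
            while q and q[0][0] <= now - self.interval:
                self.totals[ip] -= q.popleft()[1]
        else:
            # Fixed interval: the counter resets at each interval boundary.
            idx = int(now // self.interval)
            if self.bucket.get(ip) != idx:
                self.bucket[ip] = idx
                self.totals[ip] = 0

    def record(self, ip, nbytes, now):
        """Account nbytes for ip at time now and return the action to apply."""
        self._expire(ip, now)
        self.totals[ip] += nbytes
        if self.sliding:
            self.samples[ip].append((now, nbytes))
        return self.action(ip, now)

    def action(self, ip, now):
        """Return the highest milestone action reached by ip at time now."""
        self._expire(ip, now)
        used = self.totals[ip] / self.quota
        for fraction, action in MILESTONES:
            if used >= fraction:
                return action
        return "allow"
```

With a fixed interval, a host that exhausts its quota just before a boundary regains full access one second later, while the sliding interval keeps the control in place until the traffic ages out of the window.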